Virtualized security routers for cloud security

Halon Security announced a next-generation firewall and security router as a virtual appliance named Virtual Security Router (VSR).

VSR is a complete security package for virtual infrastructure and can be easily integrated by using APIs.

Features:

Virtual (VSR), software and hardware (HSR): The platform is available as ready-to-use hardware appliances, virtual machine images ideal for intra-VM security, and raw disk images that you can write to, for example, a USB stick and use to boot your x86 server of choice.

Clustering: Deploy redundant appliances with ease. The optional zero-config cluster port gets you started in no time. Both active/passive and active/active high availability are available, with synchronization of the configuration, firewall states, IPsec SAs and DHCP leases.

Management: The hierarchical, human-readable configuration file format is both easy to manipulate and elegant enough to serve as the firewall’s documentation. Changes to the configuration file (commits) are atomic, and thus no reboots are necessary, even when importing an entire configuration. This is ideal for clustering, and also makes it possible to test configurations for a specified time. Every modification is saved as a new configuration revision (with author, timestamp and a message). Every aspect of the system is made available through an easy-to-use SOAP API, which in fact serves as the foundation for the entire HTTPS administration.

VPN: H/OS offers IPsec VPN, using either IKEv1/v2 or manual keys, as well as enterprise layer 2 IPsec tunneling. Remote user VPN is offered using MOBIKE, L2TP and PPTP.

Transparency: The terminology and administration philosophy of H/OS are heavily inspired by standard networking concepts, making it transparent and debuggable for the administrator. We realize the importance of being able to understand the inner workings of the firewall in order to successfully deploy secure networks.

Open source: Time has proven openness to be the best choice for producing trusted security software. Therefore, we are not only using OpenBSD as the foundation; we are also publishing all the changes we make. If you like, you can find out exactly what code is running on your router.